02/28/08 | #20080052291 | USPTO Class 707

Database entitlement

USPTO Application #: 20080052291
Title: Database entitlement
Abstract: A method, system and computer-readable medium for controlling access to a relational database is presented. The method includes: defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases; receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and determining if the user is authorized to access the requested data by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user. The plurality of entitlement tables may have a priority hierarchy, wherein the priority hierarchy defines a higher priority entitlement table as being dominant to a lower priority entitlement table.
(end of abstract)
Agent: Dillon & Yudell LLP - Austin, TX, US
Inventor: Michael Bender
USPTO Application #: 20080052291 - Class: 707 9 (USPTO)

The Patent Description & Claims data below is from USPTO Patent Application 20080052291.

BACKGROUND OF THE INVENTION

[0001]1. Technical Field

[0002]The present invention relates in general to the field of computers, and more particularly to relational databases. Still more particularly, the present invention relates to controlling access to a relational database through the use of reusable entitlement tables.

[0003]2. Description of the Related Art

[0004]In the database management arena, entitlements ("authorized access to") to data that are built into a database management system are at the table level (or view). That is, each table in a relational database must have its own set of rules for entitlement, thus requiring a new set of rules for each table that must be built into complex views. This condition is cumbersome, since the rules of entitlement are not scalable and have to be rebuilt for every table. (For purposes of the present disclosure, the term "table" will be used to describe a view of structured data in a relational database.)

SUMMARY OF THE INVENTION

[0005]The present invention recognizes the need for a scalable entitlement system for rows of data in a relational database table. To provide a new and useful solution to this need, a method, system and computer-readable medium are presented that utilize a scalable entitlement table. The method includes the steps of: defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases; receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and determining if the user is authorized to access the table, as well as the requested data, by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user. This method provides a practical application that is useful, concrete and tangible since multiple disparate databases (including those found in the program DB2) can now, through the use of the present invention, have entitlement controlled by a single entitlement table object. In one embodiment, the plurality of entitlement tables have a priority hierarchy, wherein the priority hierarchy defines a higher priority entitlement table as being dominant to, and therefore overrides, a lower priority entitlement table.

[0006]The method may further include the step of, in response to determining an existence of a higher priority entitlement table that overrides a lower priority entitlement table, controlling access to the requested data according to entitlement criteria for the user identifier found in the higher priority entitlement table. This user identifier may be extracted from a header in the request for the requested data, wherein the SQL identifier was created by the DB2 relational database program for the user when the user logged into the DB2 relational database program. In one embodiment, at least one of the plurality of entitlement tables includes only rules for inclusion that permit a user with a specific user identifier to access the requested data, and wherein at least one of the plurality of entitlement tables includes only rules for exclusion that prohibit a user from accessing the requested data. Note also, that in one embodiment, access to requested data is limited to a single row of data in a relational database. In another embodiment, the method may further include the steps of: receiving, by an Assistance Allocation Manager (AAM), an Assistance Initiating Data (AID) from a resource in a data processing system; and in response to receiving the AID, executing a rule, in the AAM, that is specific for the AID and the resource that sent the AID, wherein executing the rule in the AAM causes the steps described herein to be executed for the resource that sent the AID.

[0007]The above, as well as additional purposes, features, and advantages of the present invention will become apparent in the following detailed written description.

BRIEF DESCRIPTION OF THE DRAWINGS

[0008]The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further purposes and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, where:

[0009]FIG. 1a depicts an entitlement table that is superior to, and autonomous to, a database in a relational database system;

[0010]FIG. 1b illustrates exemplary detail of the entitlement table and database shown in FIG. 1a;

[0011]FIG. 1c depicts multiple entitlement tables that have a hierarchical relationship between entitlement tables;

[0012]FIG. 2 is a flow-chart of exemplary steps taken to utilize autonomous entitlement tables to afford access to data in a database;

[0013]FIG. 3 depicts an exemplary client computer which can be utilized in accordance with the present invention;

[0014]FIG. 4 illustrates a software deploying server that is capable of deploying software to the client computer shown in FIG. 3 to implement the present invention;

[0015]FIGS. 5a-b are flow-charts showing steps taken to deploy software capable of executing the steps shown in FIGS. 1a-2;

[0016]FIGS. 6a-c are flow-charts showing steps taken to deploy in a Virtual Private Network (VPN) software that is capable of executing the steps shown in FIGS. 1a-2;

[0017]FIGS. 7a-b are flow-charts showing steps taken to integrate into a computer system software that is capable of executing the steps shown in FIGS. 1a-2;

[0018]FIGS. 8a-b are flow-charts showing steps taken to execute the steps shown in FIGS. 1a-2 using an on-demand service provider; and

[0019]FIGS. 9a-b illustrate a process for utilizing one or more rules to invoke the methods described by the present invention, including but not limited to the steps described in FIGS. 1a-2.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0020]With reference now to the figures, and in particular to FIG. 1a, a relational database 102, found in a database management system, is shown for communicating data to a user 106. Note, however, that the user must go through an entitlements table 104 in order to gain access to the database 102. This entitlements table 104 is autonomous from database 102, since the same entitlement table 104 may be utilized by multiple different databases 102.
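An added illustration (not code from the patent application) of the access check summarized in paragraphs [0005], [0006] and [0020]: entitlement rules kept apart from the data tables, shared by two of them, with the highest-priority rule for a user and data classification deciding row visibility. The table and column names, the numeric `priority` column standing in for the hierarchy of entitlement tables, the `include`/`exclude` labels, the default-deny behaviour and all rows are assumptions constructed for the example; SQLite stands in for DB2, and `user_id` is assumed to come from the authenticated database session rather than from client input.

```python
import sqlite3

DATA_TABLES = {"payroll", "contracts"}  # identifiers cannot be bound, so allowlist them

SCHEMA = """
CREATE TABLE entitlement (
    priority       INTEGER NOT NULL,  -- priority of the entitlement table the rule came from
    user_id        TEXT NOT NULL,
    classification TEXT NOT NULL,
    effect         TEXT NOT NULL CHECK (effect IN ('include', 'exclude')),
    PRIMARY KEY (priority, user_id, classification)
);
CREATE TABLE payroll   (id INTEGER PRIMARY KEY, classification TEXT, detail TEXT);
CREATE TABLE contracts (id INTEGER PRIMARY KEY, classification TEXT, detail TEXT);
"""

def build_demo():
    """In-memory database with constructed entitlement rules and data rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO entitlement VALUES (?, ?, ?, ?)", [
        (1, "alice", "public", "include"),
        (1, "alice", "confidential", "include"),
        (2, "alice", "confidential", "exclude"),  # dominant rule revokes the grant
        (1, "bob", "public", "include"),
        (1, "bob", "confidential", "exclude"),
        (2, "bob", "confidential", "include"),    # dominant rule lifts the exclusion
    ])
    conn.executemany("INSERT INTO payroll VALUES (?, ?, ?)",
                     [(1, "public", "pay bands"), (2, "confidential", "salaries")])
    conn.executemany("INSERT INTO contracts VALUES (?, ?, ?)",
                     [(1, "public", "template"), (2, "confidential", "vendor terms"),
                      (3, "restricted", "escrow")])
    return conn

def visible_rows(conn, table, user_id):
    """Rows of `table` whose classification the dominant rule for user_id includes."""
    if table not in DATA_TABLES:
        raise ValueError(f"unknown data table: {table!r}")
    # No matching rule makes the subquery NULL, so the row is filtered out (default deny).
    query = f"""
        SELECT d.id, d.detail FROM {table} AS d
        WHERE (SELECT e.effect FROM entitlement AS e
               WHERE e.user_id = ? AND e.classification = d.classification
               ORDER BY e.priority DESC LIMIT 1) = 'include'
        ORDER BY d.id"""
    return conn.execute(query, (user_id,)).fetchall()

if __name__ == "__main__":
    demo = build_demo()
    for user in ("alice", "bob", "mallory"):
        print(user, visible_rows(demo, "payroll", user), visible_rows(demo, "contracts", user))
```

The same `entitlement` rows filter both `payroll` and `contracts`, so adding a data table requires no new access rules, only that its rows carry a classification.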

Industry Class:
Data processing: database and file management or data structures
